23andMe Faces New Security Mandates in $18m Data Breach Settlement
23andMe has agreed to an $18m settlement with 42 US attorneys general over its 2023 data breach, including enhanced data protection requirements
Stay informed on the latest data breach incidents and security breaches. Protect your information with our up-to-date breach news and analysis.
Search across headline titles and summaries.
Background for this topic.
Breach means unauthorized access to a computer system or network that exposes or steals sensitive data like personal details, passwords, or proprietary information. Attackers often exploit software flaws, weak passwords, or social engineering to gain entry. Breaches can also result from insiders misusing access or accidental data exposure.
Understanding breaches is crucial because they reveal weaknesses in security controls and can lead to data theft or operational disruption. Effective defenses include promptly patching vulnerabilities, enforcing strong authentication, and segmenting networks to limit attacker movement. Detecting breaches quickly through monitoring and logging helps contain damage and guide targeted remediation efforts to secure affected systems and data.
Weekly headline count for the current query.
23andMe has agreed to an $18m settlement with 42 US attorneys general over its 2023 data breach, including enhanced data protection requirements
Supermarket giant Lidl has revealed details of a supplier breach impacting customer data
Aflac Japan has notified regulators that policy details and personal and banking information have been compromised
Nissan says employees' data was stolen via the Oracle PeopleSoft zero-day campaign
An attacker has exploited a zero day in Oracle Peoplesoft to gain access to the IT systems of the NAIC, the standard-setting association for the US federal insurance system
Experts warn the Jaguar Land Rover breach bears hallmarks of Kremlin-backed hackers, citing novel ransomware, strategic timing and efforts to obscure attribution
The UK Cyber Monitoring Centre reviews the Canvas breach affecting 160 UK universities, highlighting data theft risks and financial impacts of cyber incidents
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
At least four cybersecurity firms confirmed they have been affected by a breach of business intelligence platform Klue via Salesforce integration
The Office of the Maine Attorney General has suspended its breach reporting portal
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems
A threat actor compromised an Nx developer and posed as a legitimate maintainer to publish a malicious extension on Visual Studio Marketplace
Grafana Labs has confirmed a recent data breach was caused by the TanStack supply chain attack
The prolific threat group TeamPCP has claimed a hack into GitHub’s internal repositories
Open source tool maker Grafana says hackers stole codebase via GitHub breach
Instructure says it reached an agreement with ShinyHunters over the Canvas breach data
The ICO has fined South Staffordshire Water nearly £1m for a series of data protection failings
ShinyHunters gets away with emails and other data on 200,000 Zara customers
Security vendor Trellix has suffered a breach involving unauthorized access
The British public education sector has faced the nation’s most dramatic increase in cyber breach prevalence over the past year